The National Investigation Office’s cyber crime unit has launched three criminal procedures related to the Budapest public transport company’s (BKK) e-ticket system, daily Magyar Idők said on Saturday, citing police information.
As we wrote before, the BKK launched the online ticket and lease purchase interface on July but there were rough security flaws in the system. Among other things, with a “basic hacking” anyone could get a lease for as much money as he wants.
Read more at: https://dailynewshungary.com/new-electronic-ticket-system-unsafe/
The NNI is conducting an investigation over suspicion of abuse of information system or data against an 18-year old man who abused a fault of the e-ticket sales system to change the price of the monthly e-pass to 50 forints (0.16 euros), which the programme accepted.
The other two criminal procedures have been initiated against unknown offenders. One of these concerns suspicion of misappropriation related to losses BKK suffered due to development faults of the e-ticket system. Police are trying to establish who is responsible for failing to eliminate the security shortcomings.
The third procedure has been launched over abuse of personal data after news portal 24.hu handed over to the National Authority for Data Protection and Freedom of Information a list containing thousands of users’ data, sent to the portal by a hacker. This investigation is targeted at the unknown hacker who broke into the e-ticket system and stole the data.
Police are also working to identify the person who hacked the computer system of BKK’s MOL BuBi bike rental system who obtained the data of more than 5,000 users and sent them also to 24.hu. The portal forwarded the data to the national data protection authority, which initiated an official procedure, the paper said.